<%
'#################################################################################
'## UnWritten Open Source Blog Engine
'#################################################################################
'## Copyright (C) 2008 Luigi Violin
'##
'## This program is free software: you can redistribute it and/or modify
'## it under the terms of the GNU General Public License as published by
'## the Free Software Foundation, either version 2 of the License, or
'## (at your option) any later version.
'##
'## This program is distributed in the hope that it will be useful,
'## but WITHOUT ANY WARRANTY; without even the implied warranty of
'## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
'## GNU General Public License for more details.
'##
'## You should have received a copy of the GNU General Public License
'## along with this program.  If not, see <http://www.gnu.org/licenses/>.
'##
'## You can obtain support from our forums at:
'##     <http://www.unwrittenblog.com/forums/>
'## Contact the author directly:
'##     <zaamit@hotmail.com/>
'##
'#################################################################################
%>
<!--#include virtual="/includes/core.asp"-->
<%
Dim sha1s,spws
set sha1s =  GetObject("script:"&Server.MapPath("/includes/sha1.wsc"))
'update comment
strsql = "update " & db_prefix & "users set "
strsql = strsql & " login = '" & request.form("name") & "', "
strsql = strsql & " nick = '" & request.form("name") & "', "
strsql = strsql & " email = '" & request.form("email") & "', "
strsql = strsql & " url = '" & request.form("url") & "', "
strsql = strsql & " bio = '" & replace(request.form("bio"),"'","''") & "', "
strsql = strsql & " msn = '" & request.form("msn") & "', "
if Session("u_level") = 10 then
strsql = strsql & " activation_key = '" & request.form("activation_key") & "', "
if len(request.form("p")) > 4 then
	sha1s.hexcase = 1
	spws = request.form("p")
    spws = sha1s.hex_hmac_sha1("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", spws)
	strsql = strsql & " password = '" & spws & "', "
end if
strsql = strsql & " level = " & request.form("level") & ", "
	else
	'user is not admin
	if len(request.form("p")) > 4 then
			sha1s.hexcase = 1
			spws = request.form("op")
    		spws = sha1s.hex_hmac_sha1("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", spws)
			dbRS3.open "select * from " & db_prefix & "users where id = " & request.form("id") & " and password = '" & spws & "'",dbConn
			if not dbRS3.eof then
				'we can change user's pass
				spws = request.form("p")
    			spws = sha1s.hex_hmac_sha1("0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", spws)
				strsql = strsql & " password = '" & spws & "', "
				else
					strmsg = strmsg & "Current password doesn't match. "
			end if
		else
			if len(request.Form("p")) > 0 then strmsg = strmsg & "Password must be at least 5 chars long. "
	end if
end if
strsql = strsql & " skype = '" & request.form("skype") & "' "
strsql = strsql & " where id = " & request.form("id")
dbConn.execute strsql
set sha1s = nothing
return_url = request.ServerVariables("HTTP_REFERER")
c = instr(return_url,"?")
if c > 0 then return_url = left(return_url,c-1)
Response.Redirect return_url & "?msg=" & "Profile updated. " & strmsg & "&id=" & request.form("id")
%>